It’s no secret—women working in the cybersecurity industry spend their time in a male-dominated world, having to figure out and explain how computer technology can be used to do harm or how it can otherwise go wrong. Industry experts have suggested that being an effective cybersecurity practitioner requires a certain mindset. Not only is it important to understand technical mechanisms, but professionals must have rationally paranoid instincts. Otherwise, it’s hard to imagine all the information security problems on the horizon.
Why Women Are So Fit For Security
Years, sometimes lifetimes, of fighting sexism and misogyny have given women a unique perspective on what it means to ward off impending threats. Writing about and working in cybersecurity is an admirable pursuit, for both men and women, but you rarely (if ever) see experts like Bruce Schneider or Brian Krebs writing much about online harassment or the feeling of personal threat. Although men can certainly be subject to it, it’s a serious and uniquely female problem.
Also, the overall nature of cybersecurity may be misunderstood by laypeople. Yes, we should understand how software, hardware, and networking works—but above all else, information security is about psychology and sociology. It’s about how humans interact with machines. Trojans and phishing attacks involve the direct deceit of real, flesh and blood people so as to weaponize technology as a way to harm them. Poor UI design and bad default settings in software are also a psychological phenomenon. It’s human nature to not want to spend lots of time and effort to configure applications and operating systems, and bad default settings turn that tendency into the potential for significant security vulnerabilities. Poor UI design can lead to people misunderstanding how to use their software in a more secure way.
Elle Hunt of The Guardian reported on an eye-opening study, “Harassment of women online is at risk of becoming ‘an established norm in our digital society,’ with women under 30 particularly vulnerable, according to the creators of a new Australian study.
- Nearly half the 1,000 respondents in the research by the digital security firm Norton had experienced some form of abuse or harassment online. Among women under 30, the incidence was 76%.
- Harassment ranged from unwanted contact, trolling, and cyberbullying to sexual harassment and threats of rape and death. Women under 30 were over represented in every category.
- One in seven—and one in four women aged under 30—had received general threats of physical violence. Almost one in ten women under 30 had experienced revenge porn and/or ‘sextortion.'”
- Researchers also found that women received twice as many death threats and suggestions of sexual violence as men.
Online harassment is definitely a cybersecurity problem, as it’s a way for people to use computer technology to do harm. It’s a cyber threat to security—something women experience it in a unique way. Transgender people experience it in a unique way that’s likely even more dabilitating than what cisgender women are often subject to. The cybersecurity field needs gender diversity at all levels because all demographics use computers and the internet.
So, how are my fellow ladies doing in the information security field? Let’s look at some statistics:
- Women and female people make up a little over 50% of the general population. But according to the
- Women’s Society of Cyberjutsu, only 11% of cybersecurity professionals are female. Frost and Sullivan have found the exact same figure.
- According to PwC, men are four times more likely to hold cybersecurity C-suite positions (such as Chief Security Officer or Chief Information Security Officer) than women.
Clearly the industry would be healthier if we could make the percentage of people in cybersecurity who are female closer to 50%. So what’s preventing more women from staying in the cybersecurity industry? The (ISC)2 Global Information Security Workforce Study provides a clue. 51% of women said they experienced discrimination in our industry, versus 15% of men. 28% of women said that they didn’t even feel that their opinions were valued.
Here are some first-hand account of women in the industry who have faced considerable discrimination and harassment in the workplace:
Cybersecurity Writer, Zoë Rose:
“I had one guy tell me ‘I don’t hire women because they’re too distracting to the men.’ I had classmates tell me I only got jobs, or I was more successful because I was female, and they had to hire me for diversity, or they were easier on me.”
Infosec expert, Kat Sweet:
“While I’ve been fortunate to have a great group of friends, men and women, who’ve supported me throughout my career change into security, I’ve encountered my fair share of sexist behavior. One of the first things that happened to me at my first security convention was get hit on. When I was still new to the community, various people would mistake me as just someone’s non-technical ‘plus one.’ (Which is crap, by the way. Non-technical does not mean ‘not worth talking to’ or ‘not worthy of respect’.)”
Cyber warrior, Lesley Carhart:
“My entire life has been a series of male-dominated industries, hobbies, and coursework. By the time I was working professionally in info sec, I was thoroughly used to dealing with this. All human beings are fundamentally biased in different ways — some are just more self-aware than others; so of course I’ve had to deal with some sexism. It’s frustrating when I’m questioned on fundamental IT skills before somebody trusts my advice as a subject matter expert. It’s irritating when I go to conferences and people ask me if my boyfriend brought me along. The trick is recognizing that prejudices exist, and building the self-confidence to not let them phase you.”
We’re taught in our society to defer and apologize to others. We have to be able to break out of those conventions — politely telling people they’re incorrect and backing that up with reasoning and evidence is a crucial skill learned over time.
Something’s got to change. If you can do something to use your influence to help, you could make the cybersecurity field stronger. Recommend a woman for the recruitment of a cybersecurity role. Defend a woman from harassment or discrimination. Encourage a little girl’s interest in computers. Be active in organizations like The Women’s Society of Cyberjutsu. Share this post on your social media to promote awareness for women’s digital rights.